CVE-2025-25977

CRITICAL

canvg 4.0.2 - Remote Code Execution via StyleElement Constructor

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25977. PoCs published by AikidoSec.

AI-analyzed exploit summary This repository contains functional exploit PoCs for multiple CVEs, including CVE-2025-25977, demonstrating JavaScript injection and path traversal vulnerabilities. The tests validate both vulnerable and protected scenarios using the Aikido Zen Firewall.

Description

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.

Exploits (1)

github WORKING POC 6 stars

by AikidoSec · javascriptpoc

https://github.com/AikidoSec/zen-0-days/tree/main/node/CVE-2025-25977

View Code ZIP pw:eip

This repository contains functional exploit PoCs for multiple CVEs, including CVE-2025-25977, demonstrating JavaScript injection and path traversal vulnerabilities. The tests validate both vulnerable and protected scenarios using the Aikido Zen Firewall.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Node.js applications using @enspirit/elo and st modules

No auth needed

Prerequisites: Node.js environment · Docker for containerized testing

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Issue Tracking

https://github.com/canvg/canvg/issues/1749

Scores

CVSS v3 9.8

EPSS 0.0031

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-1321

Status published

Products (2)

canvg/canvg < 3.0.11

npm/canvg 4.0.0 - 4.0.3npm

Published Mar 10, 2025

Tracked Since Feb 18, 2026